DEF CON 29, one of the world’s largest and most notable hacker conventions, is held annually in Las Vegas, Nevada. This year’s venues will be the Paris Las Vegas and Bally’s convention centers, as well as a virtual track. The dates are August 5th–8th, 2021.
Attendees at DEF CON 29 include computer security professionals, journalists, lawyers, federal government employees, security researchers, students, and hackers with a general interest in software, computer architecture, hardware modification, IoT, and more.
Masks and vaccination will be required at DEF CON 29 this year because of the complications of COVID-19.
DEF CON 29 Topics Include
- Breaking TrustZone-M: Privilege Escalation on LPC55S69 by Laura Abbott, Oxide Computer Company, and Rick Altherr, Oxide Computer Company (virtual-only presentation).
- The Mechanics of Compromising Low Entropy RSA Keys by Austin Allshouse, Staff Research Scientist, BitSight.
- A Look Inside Security At The New York Times Or A Media Security Primer For Hackers by Jesse “Agent X” Krembs.
- Bring Your Own Print Driver Vulnerability by Jacob Baines, Vulnerability Researcher at Dragos.
- 2021 – Our Journey Back To The Future Of Windows Vulnerabilities and the 0-days we brought back with us by Tomer Bar, Director of Security Research @ SafeBreach, and Eran Segal, Security Researcher @ SafeBreach Labs.
- Abusing SAST tools! When scanners do more than just scanning by Rotem Bar, Head of Marketplace Integrations @ Cider Security.
- The Unbelievable Insecurity of the Big Data Stack: An Offensive Approach to Analyzing Huge and Complex Big Data Infrastructures by Sheila A. Berta, Head of Research at Dreamlab Technologies.
- Hacking G Suite: The Power of Dark Apps Script Magic by Matthew Bryant, Red Team @ Snapchat.
- PunkSPIDER and IOStation: Making a Mess All Over the Internet by _hyp3ri0n aka Alejandro Caceres, Director of Computer Network Exploitation at QOMPLX, former owner of Hyperion Gray, and Jason Hopper, Hacker.
- Why does my security camera scream like a Banshee? Signal analysis and RE of a proprietary audio-data encoding protocol by Rion Carter.
- Hack the hackers: Leaking data over SSL/TLS by Ionut Cernica, PhD Student @ Department of Computer Science, Faculty of Automatic Control and Computer Science, University Politehnica of Bucharest.
- Taking Apart and Taking Over ICS & SCADA Ecosystems: A Case Study of Mitsubishi Electric by Mars Cheng, Threat Researcher for TXOne Networks, and Selmon Yang, Staff Engineer at TXOne Networks.
- Crossover Episode: The Real-Life Story of the First Mainframe Container Breakout by Ian Coldwater, Hacker, and Chad Rikansrud (Bigendian Smalls), Hacker.
- D0 N0 H4RM: A Healthcare Security Conversation by Christian “quaddi” Dameff MD, Physician & Medical Director of Cyber Security at The University of California San Diego; Jeff “r3plicant” Tully MD, Anesthesiologist at The University of California San Diego; Jessica Wilkerson, Cyber Policy Advisor at the US Food and Drug Administration (FDA); Josh Corman, Chief Strategist for CISA, Founder of I Am The Cavalry; Gabrielle Hempel, Cloud Security Engineer/Medical Security Researcher; and Stephanie Domas, Director of Cybersecurity Strategy and Communications at Intel.
- No Key? No PIN? No Combo? No Problem! P0wning ATMs For Fun and Profit by Roy Davis, Senior Security Engineer, Zoom Video Communications.
- Unlocking KeeLoq – A Reverse Engineering Story by Rogan Dawes, Researcher, Orange Cyberdefense’s SensePost Team.
- Instrument and Find Out: Writing Parasitic Tracers for High(-Level) Languages by Jeff Dileo, Technical Director, NCC Group.
- Vulnerability Exchange: One Domain Account For More Than Exchange Server RCE by Tianze Ding, Senior Security Researcher, Tencent Security Xuanwu Lab.
- Privacy Without Monopoly: Paternalism Works Well, But Fails Badly by Cory Doctorow, Author, journalist, activist.
- Response Smuggling: Pwning HTTP/1.1 Connections by Martin Doyhenard, Security Researcher at Onapsis.
- Worming through IDEs by David Dworken, Security Engineer, Google.
- eBPF, I thought we were friends! by Guillaume Fournier, Security Engineer at Datadog; Sylvain Afchain, Staff Engineer at Datadog; and Sylvain Baubeau, Staff Engineer at Datadog.
- DoS: Denial of Shopping – Analyzing and Exploiting (Physical) Shopping Cart Immobilization Systems by Joseph Gabay, Hacker.
- Robots with lasers and cameras (but no security): Liberating your vacuum from the cloud by Dennis Giese, Hacker.
- Defeating Physical Intrusion Detection Alarm Wires by Bill Graydon, Principal, Research, GGR Security.
- Phantom Attack: Evading System Call Monitoring by Rex Guo, Head of Research, Confluera, and Junyuan Zeng, Senior Software Engineer, LinkedIn.
- TEMPEST radio station by Paz Hameiri, Hacker.
- Old MacDonald Had a Barcode, E-I-E-I CAR by Richard Henderson.
- Sleight of ARM: Demystifying Intel Houdini by Brian Hong, Security Consultant, NCC Group.
- Caught you – reveal and exploit IPC logic bugs inside Apple by Zhipeng Huo, Senior Researcher, Tencent Security Xuanwu Lab; Yuebin Sun, Senior Researcher, Tencent Security Xuanwu Lab; and Chuanda Ding, Senior Researcher, Tencent Security Xuanwu Lab.
- New Phishing Attacks Exploiting OAuth Authentication Flows by Jenko Hwong, Netskope Threat Research team.
- The PACS-man Comes For Us All: We May Be Vaccinated, but Physical Access Control Still Sucks by Babak Javadi, Co-Founder, Red Team Alliance; Nick Draffen; Eric Betts; and Anze Jensterle.
- Wibbly Wobbly, Timey Wimey – What’s Really Inside Apple’s U1 Chip by jiska, TU Darmstadt, SEEMOO, and Alexander Heinrich, TU Darmstadt, SEEMOO.
- Rotten code, aging standards, & pwning IPv4 parsing across nearly every mainstream programming language by Kelly Kaoudis and Sick Codes, Hacker.
- HTTP/2: The Sequel is Always Worse by James Kettle, Director of Research, PortSwigger Web Security.
- Over-the-air remote code execution on the DEF CON 27 badge via Near Field Magnetic Inductance, our world’s first NFMI exploitation, sorta, or OTARCEDC27NFMIOMGWTFBBQ by Seth Kintigh, Hardware Security Engineer, Dell.
- HACKERS INTO THE UN? Engaging in the cyber discussions on war & peace – DEF CON Policy Panel by Alexander Klimburg, DEF CON Policy Dept, Panel Moderator; Chris Painter, Global Forum of Cyber Expertise, Former head of US cyber diplomacy; Lauren Zabierek, Harvard Belfer Cyber Project; Van Horenbeeck, Forum of Incident Responders and Security Teams (VIRTUAL); Sheetal Kumar, Global Partners Digital (VIRTUAL); and Bill “Woody” Woodcock, Chair of the Foundation Council, Quad9, Packet Clearing House.
- Offensive Golang Bonanza: Writing Golang Malware by Ben Kurtz, Principal Anarchist, SymbolCrash, Founder of Binject, Host of the Hack the Planet podcast.
- Fuzzing Linux with Xen by Tamas K Lengyel, Senior Security Researcher, Intel.
- Hacking Humans with AI as a Service by Eugene Lim, Cybersecurity Specialist, Government Technology Agency of Singapore; Glenice Tan, Cybersecurity Specialist, Government Technology Agency of Singapore; and Tan Kee Hock, Cybersecurity Specialist, Government Technology Agency of Singapore.
- Do you like to read? I know how to take over your Kindle with an e-book by Slava Makkaveev, Security Researcher, Check Point.
- Between Two Servers—A Q&A with Sec. Mayorkas and Dark Tangent by Alejandro Mayorkas, Secretary of the Department of Homeland Security, and Dark Tangent.
- PINATA: PIN Automatic Try Attack by Salvador Mendoza, Security Researcher, Ocelot Offensive Security Team.
- Ransomware’s Big Year – from nuisance to “scourge”? – DEF CON Policy Panel by Jen Easterly, Director, DHS CISA; Chris Painter, co-chair, Ransomware Task Force; Kurtis Minder, CEO, GroupSense; Jane Holl Lute, former CEO, Center for Internet Security; and Ellen Nakashima, Washington Post, Panel Moderator.
- Time Turner – Hacking RF Attendance Systems (To Be in Two Places at Once) by Vivek Nair, Ph.D. Student, EECS Department, UC Berkeley.
- REBOOTING CRITICAL INFRASTRUCTURE PROTECTION by Lily Newman, WIRED magazine, Panel Moderator; Alexander Klimburg, Director, Global Commission on the Stability of Cyberspace; Faye Francy, Executive Director, Automotive Information Sharing and Analysis Center; Eric Goldstein, Executive Assistant Director, DHS CISA; Amelie Koran, Senior Technology Advocate, Splunk; and Danny McPherson, Executive Vice President & Chief Security Officer, Verisign.
- Gone Apple Pickin’: Red Teaming macOS Environments in 2021 by Cedric Owens, Offensive Security Engineer.
- Warping Reality – creating and countering the next generation of Linux rootkits using eBPF by PatH, Security Researcher.
- Hi! I’m DOMAIN\Steve, please let me access VLAN2 by Justin Perdok, Security Specialist, Orange Cyberdefense Netherlands.
- You’re Doing IoT RNG by Dan “AltF4” Petro, Lead Researcher, Bishop Fox, and Allan Cecil (dwangoAC), Security Consultant, Bishop Fox.
- Hacking the Apple AirTags by Thomas Roth, Hacker.
- Attacking from Above by Sach, Hacker.
- Hacking Viber Messenger with 0day Vulnerabilities: Sniffing and DoS by Samarkand, CEO at Samarkand Web Studio.
- UPnProxyPot: fake the funk, become a blackhat proxy, MITM their TLS, and scrape the wire by Chad Seaman, Lead & Senior Engineer @ Akamai SIRT.
- Adventures in MitM-land: Using Machine-in-the-Middle to Attack Active Directory Authentication Schemes by Sagi Sheinfeld, Sr. Engineer, CrowdStrike; Eyal Karni, Sr. Engineer, CrowdStrike; and Yaron Zinar, Sr. Manager, Engineering, CrowdStrike.
- High-Stakes Updates | BIOS RCE OMG WTF BBQ by Mickey Shkatov, Hacker, and Jesse Michael, Hacker.
- The Agricultural Data Arms Race: Exploiting a Tractor Load of Vulnerabilities In The Global Food Supply Chain by Sick Codes.
- Your House is My House: Use of Offensive Enclaves In Adversarial Operations by Dimitry “Op_Nomad” Snezhkov, Associate Director, Protiviti.
- Racketeer Toolkit: Prototyping Controlled Ransomware Operations by Dimitry “Op_Nomad” Snezhkov, Associate Director, Protiviti.
- SPARROW: A Novel Covert Communication Scheme Exploiting Broadcast Signals in LTE, 5G & Beyond by Reza Soosahabi, Senior R&D Engineer, Keysight Technologies, and Chuck McAuley, Principal Security Researcher (ATIRC) at Keysight Technologies.
- Extension-Land: exploits and rootkits in your browser extensions by Barak Sternberg, Senior Security Researcher.
- A new class of DNS vulnerabilities affecting many DNS-as-Service platforms by Shir Tamari, Head of Research, Wiz (Wiz.io), and Ami Luttwak, CTO, Wiz.
- UFOs: Misinformation, Disinformation, and the Basic Truth by Richard Thieme AKA neuralcowboy, author and professional speaker, ThiemeWorks.
- ProxyLogon is Just the Tip of the Iceberg, A New Attack Surface on Microsoft Exchange Server! by Orange Tsai, Principal Security Researcher of DEVCORE.
- Sneak into buildings with KNXnet/IP by Claire Vacherot, Senior Security Auditor @ Orange Cyberdefense.
- Timeless Timing Attacks by Tom Van Goethem, Researcher, KU Leuven, and Mathy Vanhoef, Postdoctoral Researcher, NYU.
- Central bank digital currency, threats, and vulnerabilities by Ian Vitek, Security, Sveriges Riksbank (Central Bank of Sweden).
- Breaking Secure Bootloaders by Christopher Wade, Security Consultant at Pen Test Partners.
- Bundles of Joy: Breaking macOS via Subverted Applications Bundles by Patrick Wardle, Founder, Objective-See.
- Don’t Dare to Exploit – An Attack Surface Tour of SharePoint Server by Yuhao Weng, Security Researcher of Sangfor; Steven Seeley, Security Researcher of Qihoo 360; and Zhiniang Peng, Principal Security Researcher at Sangfor.
- Making the DEF CON 29 Badge by Michael Whiteley, MKFactor.com, and Katie Whiteley, MKFactor.com.
- Defending against nation-state (legal) attack: how to build a privacy-protecting service in the era of ubiquitous surveillance by Bill “Woody” Woodcock, Chair of the Foundation Council, Quad9.
- How I use a JSON Deserialization 0day to Steal Your Money On The Blockchain by Hao Xing, Tencent Security Xuanwu Lab, and Zekai Wu, Security Researcher from Tencent Security Xuanwu Lab.
- Glitching RISC-V chips: MTVEC corruption for hardening ISA by Adam ‘pi3’ Zabrocki, Principal System Software Engineer (Offensive Security) at NVIDIA, and Alex Matrosov.
- Analysis 101 and 102 for the Incident Responder by Kristy Westphal, Vice President, Security Operations.
- Digital Forensics and Incident Response Against the Dark Arts: The Battle of Malicious Email and Downloaders by Michael Register, Threat Hunter.
- Windows Internals by Sam Bowne, Proprietor, Bowne Consulting; Elizabeth Biddlecome, Consultant and Part-Time Instructor; Kaitlyn Handelman, Hacker; and Irvin Lemus, Cybersecurity Professor.
- Hacking the Metal: An Introduction to Assembly Language Programming by eigentourist, Programmer.
- House of Heap Exploitation by Maxwell Dulin, Security Consultant; James Dolan, Security Engineer; Nathan Kirkland, Security Researcher & Engineer; and Zachary Minneker, Security Researcher & Engineer.
- Modern Malware Analysis for Threat Hunters by Aaron Rosenmund, Security Researcher, and Ryan Chapman, Principal IR Consultant.
- Evading Detection: a Beginner’s Guide to Obfuscation by Anthony “Cx01N” Rose, Lead Security Researcher; Jake “Hubbl3” Krasnov, Red Team Operations Lead; and Vincent “Vinnybod” Rose, Lead Tool Developer.
- Bug Bounty Hunting Workshop by Philippe Delteil, Computer Science Engineer, and David Patten.
- Learning to Hack Bluetooth Low Energy with BLE CTF by Ryan Holeman, Global Security Overlord.
- The Joy of Reverse Engineering: Learning With Ghidra and WinDbg by Wesley McGrew, Senior Cybersecurity Fellow.
- From Zero to Hero in Web Security Research by Roman Zaikin, Security Expert; Yaara Shriki, Security Researcher; Dikla Barda, Security Expert; and Oded Vanunu, Security Leader and Offensive Security Expert.
- Writing Golang Malware by Benjamin Kurtz, Hacker.
- Network Analysis with Wireshark by Irvin Lemus, Instructor; Sam Bowne, Proprietor, Bowne Consulting; Elizabeth Biddlecome, Consultant and Part-Time Instructor; and Kaitlyn Handelman, Hacker.
- Advanced Wireless Attacks Against Enterprise Networks by Solstice, Offensive Security Engineer.
- Secure messaging over unsecured transports by Ash, Hacker.
- Inspecting Signals from Satellites to Shock Collars by Trenton Ivey, Senior Security Researcher, and Eric Escobar, Principal Security Consultant.
Demo Labs Include
- AIS Tools: AIS Tools is a suite of Perl-based scripts to create, capture, interpret, and play NMEA 0183 Automatic Identification System (AIS) messages.
- Cotopaxi: Cotopaxi is a set of tools for security testing of Internet of Things devices that use specific IoT/IIoT/M2M network protocols.
- Depthcharge: A framework for U-Boot hacking.
- Empire: Empire is a Command and Control (C2) framework powered by Python 3 that supports Windows, Linux, and macOS exploitation. It leverages many widely used offensive security tools through PowerShell, Python 3, and C# agents.
- Frack: Frack is a tool created to be an end-to-end solution to store, manage, and query collected breach data.
- Git Wild Hunt: Git Wild Hunt is a tool designed to search for and identify leaked credentials in public repositories such as GitHub. Git Wild Hunt searches for footprints and patterns of over 30 of the most used secrets/credentials on the internet, especially those used in DevOps and IT operations.
- Kubernetes Goat: Kubernetes Goat is a “vulnerable by design” Kubernetes cluster environment for practicing and learning about Kubernetes security.
- Kubestriker: Kubestriker is a platform-agnostic tool designed to tackle Kubernetes cluster security issues caused by misconfigurations and to help strengthen the overall IT infrastructure of any organisation.
- Mooltipass: The Mooltipass project is a completely open-source ecosystem aimed at providing hardware-based authentication solutions.
- Open Bridge: Open Bridge Simulator provides a platform to explore the NMEA 2000 protocol, maritime electronics, and CAN interfaces in a cost-effective (under $50) software/hardware suite.
- ParseAndC: This tool is capable of mapping any C structure(s) to any data stream from any offset, and then visually displaying the 1:1 correspondence between the variables and the data in a very colorful, intuitive display, so that it becomes very easy to understand which field has what value.
- PMapper: An open-source tool and library for assessing AWS IAM and AWS Organizations for security concerns, such as privilege escalation and resource isolation.
- reNgine: reNgine is an automated reconnaissance engine (framework) that is capable of performing end-to-end reconnaissance of web application targets with the help of highly configurable scan engines.
- Ruse: Ruse is an open-source mobile app that uses some of the research from the past year to enable “normal” people to protect the photos they put online from being processed by commercial facial recognition products.
- Siembol: Siembol is anti-malware for the cloud: an open-source real-time SIEM (Security Information & Event Management) tool based on big data technologies.
- Shutter: The goal of Shutter is to manage Windows network stack communication via the Windows Filtering Platform. Management can include blocking or permitting traffic based on an IP address or on the executable that initiates or receives the traffic.
- Solitude: Solitude is an open-source privacy analysis tool that aims to help people inspect where their private data goes once it leaves their favorite mobile or web applications.
- The WiFi Kraken Lite: This project is the result of years of research into the most effective way to scan and audit wireless networks from a single box that can be easily deployed or used as a hardened terminal in the most rugged conditions.
- Tracee: Tracee-ebpf is a system tracing tool focused on malware-related behaviours.
- USBsamurai: A remotely-controlled USB HID injecting cable that costs less than 10 EUR to produce from off-the-shelf components, that can be used to compromise targets remotely in the stealthiest way ever seen, and that also bypasses air-gapped environments like a boss!
- Zuthaka: A collaborative, free, open-source Command & Control development framework that allows developers to concentrate on the core function and goal of their C2.